I draw Members’ attention to my register of interests and my wife’s employment as a radiographer. Can I welcome his reassurances today, but also the fact that he’ll bring forward a more detailed written statement? I suspect that we may have to come back at some point in the future as well with an even more detailed statement. Perhaps some of the questions I have might help guide his subsequent responses. First of all, do we know now the full extent of those who have been affected by this data attack—this cyber-attack—or do we feel that it could actually spread beyond those that have already been reported in the press and media? Secondly, have all those who have been affected—that we know have been affected—been informed? It would be good to get that reassurance. Secondly, if not now, how soon can those who suspect that they may have been affected, but actually are in the clear, be informed that they have nothing to worry about? Thirdly, do we know that this is, or will the investigation tell us whether this is the result of an aggressive cyber-attack that could not be defended against? Or if we find that, actually, this is a—. We don’t know this yet, but if the investigation turns up that this is a lapse in the defence and the levels of defence that were there, what liabilities does the private company or the health board have to those people who are affected? Finally, looking further ahead, and following the questions from Darren, knowing that the repercussions of this could spread, not in the months ahead but the years ahead, could we seek some assurance of what responsibility and what liability the company, the health board and others may have to those individuals who may be affected, who may be affected by data theft, credit loss and many other more serious eventualities way down the line? What protections are they now given because of this data breach?